Install SSL Certificate into a FortiAnalyzer
We utilize a lot of FortiGate firewalls and have had really good success with them. The biggest downside is that there is no native reporting functionality built into them. For that we utilize a FortiAnalyzer device, which provides really impressive, feature-rich reporting. While there is a large amount of functionality available from the GUI, adding an external SSL certificate for remote access to the device requires using the CLI. Thankfully it is a pretty straightforward process:
From the CLI, type: exec certificate local generate some.domain.com (whatever your external domain name is)
Next you will need to set up a local TFTP server (I use tftpd32, simple and straightforward) and run the following command: exec certificate local export some.domain.com 192.168.123.123 (the IP address of your local TFTP server)
Next, open your TFTP folder and you will find your CSR file.
Open this file in your favorite text editor and copy and paste it into your cert request through your SSL vendor (GoDaddy, Verisign, etc.). After domain authorization and receipt of your certificate, simply upload it via the same method: exec certificate local import some.domain.com.crt 192.168.123.123
Finally from the FortiAnalyzer GUI Console, browse to System Settings, Admin, Admin Settings & select the newly imported some.domain.com.crt certificate.
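TFTP has no authentication or integrity protection, so it is worth checking the exported CSR and the issued certificate on the TFTP host before running the import. The script below is an added example, not part of the original post; it assumes OpenSSL is installed on that host, and the function names and file paths are illustrative.

```shell
#!/bin/sh
# Added example: check the CSR and the issued certificate before the import step.
# Function names and file paths are illustrative assumptions.

# Succeeds only if the CSR parses and its self-signature verifies, i.e. the
# file picked up from the TFTP folder was not altered or truncated.
csr_is_intact() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# check_before_import CSR CERT HOSTNAME
# Return codes: 0 ok, 1 bad CSR, 2 key mismatch, 3 name mismatch, 4 expired.
check_before_import() {
    csr=$1; crt=$2; host=$3

    csr_is_intact "$csr" || { echo "CSR signature check failed" >&2; return 1; }

    # The certificate must carry the same public key the device put in the CSR,
    # otherwise it will not pair with the private key held on the device.
    csr_key=$(openssl req  -in "$csr" -noout -pubkey 2>/dev/null)
    crt_key=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    if [ -z "$crt_key" ] || [ "$csr_key" != "$crt_key" ]; then
        echo "certificate public key does not match the CSR" >&2; return 2
    fi

    # The certificate must be valid for the name admins will browse to.
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match' || { echo "certificate does not cover $host" >&2; return 3; }

    # -checkend 0 exits non-zero if the certificate has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate is already expired" >&2; return 4; }

    echo "OK: $crt matches $csr and covers $host"
}

# Usage: sh check_cert.sh some.domain.com.csr some.domain.com.crt some.domain.com
if [ "$#" -eq 3 ]; then
    check_before_import "$@"
fi
```

A non-zero return means the certificate should not be imported until the cause is understood; return code 2 in particular indicates the CA was given a different CSR than the one the device generated.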
Hey mate, I need to renew the certificate on our FortiAnalyzer. How do I renew the certificate already installed?
You simply create a new request as listed above – with a new CSR, upload it as listed above, then select your new certificate as the one to use. 🙂
All done 🙂